[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] unzipping an encrypted zip file

Subject: [ale] unzipping an encrypted zip file
From: greg.freemyer at gmail.com (Greg Freemyer)
Date: Thu, 6 Aug 2009 17:44:19 -0400
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

On Thu, Aug 6, 2009 at 4:20 PM, Michael H. Warfield<mhw at wittsend.com> wrote:
> On Thu, 2009-08-06 at 15:36 -0400, Greg Freemyer wrote:
>> All,
>
>> I need to unzip an encrypted zip file. ?What tool should I use. ?(And
>> yes windows is available, but I hate to give in and ask a co-worker to
>> do it for me.)
>
>> First attempt:
>> $ unzip fileserver_sec_log.zip
>> Archive: ?fileserver_sec_log.zip
>> ? End-of-central-directory signature not found. ?Either this file is not
>> ? a zipfile, or it constitutes one disk of a multi-part archive. ?In the
>> ? latter case the central directory and zipfile comment will be found on
>> ? the last disk(s) of this archive.
>> unzip: ?cannot find zipfile directory in one of fileserver_sec_log.zip or
>> ? ? ? ? fileserver_sec_log.zip.zip, and cannot find
>> fileserver_sec_log.zip.ZIP, period.
>
> ? ? ? ?What is it "encrypted" with? ?I deal with encrypted zip files all the
> time (generally malware samples to study) and simply running unzip -l on
> the archive will still give you a listing of the archive (the "central
> directory" is not encrypted) but you need the password to extract the
> files. ?This sounds like it's either externally encrypted or corrupt or
> there's a new zip encryption method in town.
>
>> Greg
>
> ? ? ? ?Mike

Mike,

Turns out the zip file was corrupted when I pulled it off the email somehow.

How I get:

# unzip fileserver_sec_log.zip
Archive:  fileserver_sec_log.zip
   skipping: fileserver_genetics_sec_log.txt  unsupported compression method 99

The file was zipped with a current version of winzip I believe.  I
actually gave up and unzipped it via my co-workers pc / winzip.  It
worked fine, but I'm still curious.

Greg
-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
Preservation and Forensic processing of Exchange Repositories White Paper -
<http://www.norcrossgroup.com/forms/whitepapers/tng_whitepaper_fpe.html>

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com

Follow-Ups:
- [ale] unzipping an encrypted zip file
  - From: Richard at Bronosky.com (Richard Bronosky)

References:
- [ale] unzipping an encrypted zip file
  - From: greg.freemyer at gmail.com (Greg Freemyer)
- [ale] unzipping an encrypted zip file
  - From: mhw at WittsEnd.com (Michael H. Warfield)

Prev by Date: [ale] unzipping an encrypted zip file
Next by Date: [ale] unzipping an encrypted zip file
Previous by thread: [ale] unzipping an encrypted zip file
Next by thread: [ale] unzipping an encrypted zip file
Index(es):
- Date
- Thread